Page MenuHomePhabricator
Create Task
Maniphest T29854

Http::isValidURI is too lax
Closed, ResolvedPublic
Actions

Description

mostly stashing this here so i don't forget.

Http::isValidURI is very lax. For example:

Http::isValidURI('afsddfa fdsa fda fda dehttp://example.com fdfad This is not a url!') == true

even thought thats clearly not a valid uri.

Version: 1.18.x
Severity: enhancement

Details

Reference
bz27854

Related Objects

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 11:33 PM
bzimport added a project: MediaWiki-General.
bzimport set Reference to bz27854.
bzimport added a subscriber: Unknown Object (MLST).
Bawolff created this task.Mar 4 2011, 10:18 PM
hashar added a comment.Mar 5 2011, 4:18 PM

I have added some tests in r83296
Since we only want to support http,https and ftp protocols; this bug is about implementing the generic syntax of RFC 3986

http://tools.ietf.org/html/rfc3986

Bawolff added a comment.Mar 6 2011, 2:49 AM

I made a much improved regex in r83360. It doesn't catch everything you made tests for, but at least acts as a sane sanity check. Making a regex for generic url syntax that checks everything precisely starts to get icky rather fast, especially when considering in what places a colon can appear (seperating username password, the host/port, not to mention ipv6, etc).

I personally think the check in r83360 is sufficient, thoughts?

demon added a comment.Jun 16 2011, 2:53 AM

This all looks good to me now.

Aklapper mentioned this in T129459: :isValidURI() not functioning properly .Mar 10 2016, 12:41 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL